DETAILED ACTION

1. Claims 1-64 have been examined.

Specification 

2. The lengthy specification has not been checked to the extent necessary to determine the 
presence of all possible minor errors. Applicant's cooperation is requested in correcting any 
errors of which applicant may become aware in the specification. 

3. The applicant is requested to review the specification and update the status of all co-pending
applications made mention of, replacing attorney docket numbers with current U.S.
application or patent numbers when appropriate. References to U.S. applications or patents 
should make it clear as to what the number refers (e.g. U.S. Patent No. #), instead of listing only 
the number. 

Claim Rejections - 35 USC § 102

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

5. Claims 1-34, 36-44, 46-53, and 55-64 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Reshef et al U.S. Patent No. 6,321,337. 

6. Regarding Claims 1 and 36: receiving a message in an external partition of a server (Col
3 lines 60-67, Col 4 lines 26-41, Fig 1a-b) As stated by Reshef et al the messages are received
by the external robot (partition) and translated to the internal partition (robot) via a dedicated
communications link.

Verifying the message protocol (Col 5 lines 4-24, Col 10 lines 21-36, Col 12 lines 19-32, Col 14 
lines 23-34) As provided the system verifies the message through the protocol manager 
performing such necessary operations. 

Converting the message into an internal message characterized by an internal message protocol 
(Col 3 line 60 - Col 4 line 9)

Verifying the message protocol of the internal message (Col 4 line 59 - Col 5 line 24) The 
message protocol of the internal message must be verified through the process in order to assure 
its format. 

Accepting the message by the secure entry server (Col 3 line 60 - Col 5 line 24) The messages 
are accepted by the server and processed accordingly. 

7. Regarding Claims 2, 3, 25, 27, and 28: attaching an access ticket to the internal message, 
formatting the internal message according to the message protocol of the received message (Col 
6 line 45 - Col 7 line 29, Col 7 line 65 - Col 8 line 15, Col 9 lines 10-65) As stated by the prior 
art the message after being received is formatted and authorized. This reformatting of the 
message provides for attaching such an access ticket as the system within the scope of the 
reformatted message provides for a manner in which to determine the authenticity and access 
rights of that message. Furthermore, the message is reformatted in a manner consistent with the 
original protocol as is necessary for processing within the internal environment and for 
determination of the destination of the message. 

8. Regarding Claim 4: verifying the message protocol includes dropping the message if it
does not conform to the protocol (Col 10 lines 20 - 33) As stated if the sequencing of the 
message is improper and does not conform to the necessary protocol dialogue its operation is 
terminated. 

9. Regarding Claim 5: verifying the internal message protocol includes dropping the 
internal message if it does not conform to the protocol (Col 10 lines 20 - 33) As stated if the 
sequencing of the message is improper and does not conform to the necessary protocol dialogue 
its operation is terminated. 

10. Regarding Claim 6: forwarding the accepted message to the trusted network based on the 
access ticket (Col 6 line 45 - Col 7 line 29, Col 7 line 65 - Col 8 line 15, Col 9 lines 10-65) As 
stated previously the message is forwarded based upon the received message protocols and 
standards that are translated into the reformatted message, that includes the formation of an 
access ticket for such purposes as suggested. 

11. Regarding Claims 7-18: Claims 7-18 are a secure entry server and computer-readable
medium implementation of the method claims of 1-6 and as such are rejected on the same basis. 

12. Regarding Claims 19, 29, and 30: external partition communicating with an un-trusted 
network, converting a message to an internal message (Col 6 line 40 - Col 7 line 46) 
Message comprising a data field, and message header comprising at least one characteristic of 
the message (Col 5 lines 4-24, Col 9 line 12 - Col 10 line 20) The message is reformatted
carrying on with it the data that is obviously necessary and the reformatted wrapper that is 
inclusive of the protocol and other attributes that were stripped from the received message. 
Internal partition in communication with a trusted network (Col 6 line 60 - Col 7 line 47) 
Message airlock configured to pass the internal message between the external and internal
partitions (Col 6 lines 60-67, Col 7 line 47 - Col 9 line 8) Reshef et al states that the internal and 
external components are isolated and completely separated. They are thereby connected via a 
dedicated communications line (message airlock) that does not compromise this relationship. 

13. Regarding Claim 20: message airlock passes the internal message between the external 
and internal partition only upon a request originating from the internal partition (Col 6 line 60 - 
Col 7 line 10, Col 9 line 13 - Col 13 line 41, Col 15 line 20 - Col 17 line 67) The message is
passed from the external partition to the internal partition only when requested by the internal 
partition when the packet that is queued is a necessary part of the currently processing message. 

14. Regarding Claim 21: message airlock passes the internal message between the external
and internal partition upon a request originating from the external partition (Col 15 line 20 - Col 
17 line 67) The message is passed from the external partition upon the request or acquisition of 
the message reaching the top of the queue. 

15. Regarding Claim 22: external partition contains means for verifying a message (Col 5 
lines 4-24, Col 10 lines 21-36, Col 12 lines 19-32, Col 14 lines 23-34) As shown the external 
partition may verify the message by several different means including authenticating, and 
verifying format. 

16. Regarding Claim 23: airlock comprises means for opening a logical connection between 
the external and internal partition, Means for transferring the internal message between 
partitions, Means for closing the connection (Col 6 lines 60-67, Col 7 line 47 - Col 9 line 8) The 
airlock as described may be any dedicated communications link that may be over a local data-bus,
an Ethernet connection, or a wireless connection, as such the airlock logically provides for
a means to open/close a connection and to send the message.

17. Regarding Claim 24: internal partition contains means for verifying internal message 
(Col 5 lines 4-24, Col 10 lines 21-36, Col 12 lines 19-32, Col 14 lines 23-34, Fig 2b, 4b) As 
provided the reply to messages requires that the internal robot provide for verification of 
received messages from the trusted network before forwarding to the external portion. 

18. Regarding Claim 26: internal partition includes a dispatcher for forwarding the message
to a resource in the trusted network (Col 9 lines 47 - 67) 

19. Regarding Claim 31: Claim 31 is a recitation of claims 19-30 and as such is rejected on
the same basis. 

20. Regarding Claim 32: the network protocol is one of the following: HTTP, XML, IIOP,
POP3, IMAP, SOAP, JRMP, RMI, XNTP, Sun-RPC, SSH, TELNET, FTP, MS Exchange, 
JDBC, ODBC, NETBIOS, and SMTP (Col 9 lines 10-47) 

21. Regarding Claim 33: Claim 33 is a recitation of claims 19-32 and as such is rejected on 
the same basis.

22. Regarding Claim 34: the message protocol is HTTP (Col 9 lines 10-47, Col 12 lines 62-67,
Col 14 lines 10-23)

23. Regarding Claim 37: after verifying the message attaching an application cookie (Col 3 
line 60 - Col 4 line 41, Col 7 lines 9-15) After the message is verified it is reformatted as 
dictated. An application cookie is a block of data that relates to an application as returned to a 
client from a server upon a request. In this instant case the external partition acting as both client 
and server affixes the necessary information relating to the nature of the message including
anything application specific. 

24. Regarding Claims 38 and 39: converting the internal message includes, filtering the 
contents of the internal message to a subset of the message protocol (Col 13 lines 41 - 52, Col 15 
lines 20 - 58) As shown the messages are filtered based on the protocol. 

25. Regarding Claim 40: authenticating the incoming message (Col 12 lines 19-33, Col 7 
lines 29-47, Col 5 lines 15-25) As stated previously the message is authenticated. 

26. Regarding Claim 41: message is authenticated based on an authentication module on the
trusted network (Col 7 line 47 - Col 8 line 67)

27. Regarding Claim 42: the message is authenticated based on an authentication proxy on 
the un-trusted network (Col 11 lines 43 - 59, Col 12 lines 19-33, Col 7 lines 29-47, Col 5 lines
15-25) The message may additionally be authenticated based on an auth proxy. 

28. Regarding Claims 43-47: Claims 43-47 are a recitation of previous claims and as such 
are rejected on the same basis. 

29. Regarding Claims 48 and 62: removing an application cookie from an outgoing message 
before the message is sent to the un-trusted network (Col 13 lines 40 - 67, Fig 4b) As stated 
previously the message is formatted when received into an internal format, therefore in order to 
be sent back to the originator it must be reformatted and the added information removed. 

30. Regarding Claims 49 and 63: encrypting an application cookie attached to an outgoing 
message before the outgoing message is sent to the un-trusted network (Col 13 lines 40 - 67, Fig 
4b) The outgoing information is encrypted, this is inclusive of any information originally 
attached or newly modified and necessary for the response. 

31. Regarding Claim 64: a session table configured to hold at least one characteristic of the
internal message (Col 15 lines 19-67) The invention of Reshef et al provides for an object 
repository for holding all such information. 

A manager configured to maintain the session table based on a user authorization and the 
message (Col 15 lines 19-67, Fig 2a-b) Based on the allowed messages the session tables are 
managed as is necessary to facilitate the combination of separate packets. 

Claim Rejections - 35 USC § 103 

32. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made.

33. Claims 35, 45, and 54 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Reshef et al U.S. Patent No. 6,321,337 as applied to claims 33, 43, and 52 above, and further in 
view of Frith et al U.S. Patent No. 5,943,426. 

34. Reshef et al teaches a system for communication of messages from an untrusted network 
to a trusted network via an airlock. 

35. Reshef et al fails to teach creating a message digest of each message that passes through 
the system. 

36. Frith et al teaches digitally signing a message to be sent from one server to the next for 
the improved authenticity of such a message and the added benefit of the network's integrity.

37. It is desirable within a communications network to provide for the authenticity of data as
well as the security of the network from outside intrusion. Furthermore, it is desirable to be able
to obtain such functionality in an efficient manner. (Reshef et al Col 9 line 65 - Col 10 line
9, Col 3 lines 44-60, Col 1 lines 15-22, Frith et al Col 1 lines 10-27, lines 50-61)

38. It would have been obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine the system of Frith et al with that of Reshef et al for the added benefit of 
the absolute integrity of the message as it is transferred over the network. 

39. Regarding Claims 35, 45 and 54: converting the message includes calculating a message 
digest and attaching the digest to the internal message (Frith et al Fig 3-5) As described Frith et 
al produces a digital signature for each message that is transmitted between partitions. As 
defined by The Encyclopedia of Cryptology a digital signature is composed of a message digest. 

Conclusion 

40. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. Applicant is reminded that in amending in response to a rejection of claims, the 
patentable novelty must be clearly shown in view of the state of art disclosed by the references 
cited and the objections made. Applicant must show how the amendments avoid such references 
and objections. See 37 CFR 1.111 (c). 

41. Inquiries concerning this communication or earlier communications from the examiner
should be directed to Thomas M. Szymanski who can be reached at (571) 272-8574. The 
examiner's normal working schedule is between the hours 8:00am - 4:30pm (EST), Monday - 
Friday. 

42. If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Gregory Morse, can be reached at (571) 272-3838. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

43. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 





